Couchbase Server@* Security Vulnerabilities and Issues — Couchbase Server@* CVE List

Lucene search

CouchbaseCouchbase Server*

14 matches found

CVE•added 2022/06/13 11:15 p.m.•76 views

CVE-2022-32562

An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission.

8.8CVSS8.5AI score0.00428EPSS

CVE•added 2022/06/13 9:15 p.m.•61 views

CVE-2022-32560

An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings.

7.5CVSS7.5AI score0.00363EPSS

CVE•added 2022/06/14 5:15 p.m.•60 views

CVE-2022-32557

An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers.

7.5CVSS7.7AI score0.0039EPSS

CVE•added 2022/06/13 9:15 p.m.•59 views

CVE-2022-32564

An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie.

7.5CVSS7.5AI score0.0051EPSS

CVE•added 2022/06/13 11:15 p.m.•59 views

CVE-2022-32565

An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids.

7.5CVSS7.5AI score0.00478EPSS

CVE•added 2022/06/13 9:15 p.m.•58 views

CVE-2022-32558

An issue was discovered in Couchbase Server before 7.0.4. Sample bucket loading may leak internal user passwords during a failure.

7.5CVSS7.4AI score0.0051EPSS

CVE•added 2022/07/21 12:15 p.m.•57 views

CVE-2022-32556

An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes.

7.5CVSS7.4AI score0.0051EPSS

CVE•added 2022/06/13 11:15 p.m.•56 views

CVE-2022-32192

Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor.

7.5CVSS7.4AI score0.00371EPSS

CVE•added 2022/06/13 9:15 p.m.•56 views

CVE-2022-32193

Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor.

6.5CVSS6.4AI score0.00376EPSS

CVE•added 2022/06/14 5:15 p.m.•56 views

CVE-2022-32559

An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics.

9.1CVSS9AI score0.00699EPSS

CVE•added 2022/06/02 2:15 p.m.•54 views

CVE-2021-33504

Couchbase Server before 7.1.0 has Incorrect Access Control.

4.9CVSS5.2AI score0.00418EPSS

CVE•added 2022/06/14 5:15 p.m.•49 views

CVE-2022-32561

An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network.

4.9CVSS6.7AI score0.0142EPSS

CVE•added 2022/07/12 2:15 p.m.•44 views

CVE-2022-33911

An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information.

5.3CVSS5.1AI score0.00486EPSS

CVE•added 2022/07/12 2:15 p.m.•25 views

CVE-2022-33173

An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead.

7.5CVSS7.5AI score0.0051EPSS